Re: Disaster Recovery Scenario Help
- From: JamFan <JamFan@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 30 Dec 2005 10:00:02 -0800
Right...I understand the concept of the SID... what I don't understand is if
I can get all of my data restored on a non domain system; the data inherits
that structure's permissions; then move the data into the new domain and
assign them permissions, then what would be affected by the SID change other
than LDIF files? I guess the real question is if I am stuck with this as the
final option what can I expect to see fail? Thanks a lot for taking the time
to discuss this with me!
"Jorge de Almeida Pinto" wrote:
> the SID of the domain will be different because you install a new
> DC/domain/forest. Although you will be able to recreate users, groups,
> memberships etc. by importing let's say LDIF files, there is one problem
> left.... permissions on objects...
>
> Permissions on objects are controlled by an ACL with ACE. Each ACE is a SID
> (not name as you might think!) with the configured permissions (read, write,
> etc.)
>
> recreating the domain and recreating all objects and repermission.... would
> be MY LAST option I would think about as other options exist as I said
> earlier
>
> --
> Cheers,
> # Jorge de Almeida Pinto #
> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
> -----------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test before implementing!
> -----------------------------------------------------------------------------
>
>
> -----------------------------------------------------------------------------
> "JamFan" <JamFan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:6710C173-DA13-41F1-8F76-8F0A8A4E6461@xxxxxxxxxxxxxxxx
> > Thanks for the response.. you have confirmed many of my beliefs.. I have been
> > leaning towards simply creating a new forest and starting fresh if it got
> > this bad. As long as I have the data and layouts of all groups and
> > memberships. I have just heard so many nightmares in regards to AD restore...
> > Any thoughts on the pros and cons of both scenarios? I would make one of the
> > offsite DR boxes a DC that I could replicate to but I worry about corrupting
> > the production environment. Exchange restoration will still be possible if I
> > do create a new forest right?
> >
> > "Jorge de Almeida Pinto" wrote:
> >
> >> 1...If the AD domain is lost (no DCs available), then how are you going to
> >> promote the DR servers into DCs? You need existing DCs to promote
> >> additional DCs
> >>
> >> 2...fresh install and restoring current backups of DCs is an option
> >>
> >> 3...exchange depends on AD. So if AD is gone and exchange is up and running,
> >> it will shout like hell because AD is gone. In that case restoring DCs
> >> (going back in time) can cause different issues like disconnected mailboxes
> >> (because mailboxes exist on the exchange server, but the corresponding user
> >> does not yet exist in AD)
> >>
> >> 4...yes
> >>
> >> you might wanna take a look at:
> >> http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=3EDA5A79-C99B-4DF9-823C-933FEBA08CFE
> >>
> >> --
> >> Cheers,
> >> # Jorge de Almeida Pinto #
> >> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
> >> -----------------------------------------------------------------------------
> >> * This posting is provided "AS IS" with no warranties and confers no rights!
> >> * Always test before implementing!
> >> -----------------------------------------------------------------------------
> >>
> >>
> >> -----------------------------------------------------------------------------
> >> "JamFan" <JamFan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:51FCA600-62A4-4B59-A008-70585BA00BF9@xxxxxxxxxxxxxxxx
> >> > I am creating a disaster recovery plan. The idea is that the building and
> >> > network is a complete loss. I have 2 DR servers offsite. I just need some
> >> > advice on a few AD related questions:
> >> >
> >> > 1. Are we better suited keeping the DR servers as standalone workgroup
> >> > servers or is it better to make them member servers that can be upgraded to
> >> > DC's with the domain SID?
> >> >
> >> > 2. Is such an upgrade possible or is an AD restore or fresh
> >> > install the only options?
> >> >
> >> > 2. What are the exchange recovery ramifications to either scenario because I
> >> > heard there are problems restoring exchange directly related to the domain
> >> > SID?
> >> >
> >> > 3. Will the data on the backup tapes be accessible on the servers if they
> >> > are not members of the domain?
> >> >
> >>
> >>
> >>
>
>
>
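
An added example, not part of the original thread: it parses security descriptors of restored data and reports which ACEs still point at SIDs from the lost domain, which is the "each ACE is a SID, not a name" problem described above. Both domain SIDs, the paths and the SDDL strings are constructed for illustration; on real data the SDDL would come from `(Get-Acl <path>).Sddl`.

```powershell
# Constructed values: neither domain SID nor any path comes from the thread.
$OldDomainSid = 'S-1-5-21-1111111111-2222222222-3333333333'   # lost domain
$NewDomainSid = 'S-1-5-21-4444444444-5555555555-6666666666'   # rebuilt domain

# Constructed SDDL strings, shaped like (Get-Acl <path>).Sddl output for restored folders.
$Restored = [ordered]@{
    'D:\Restore\Finance' = "O:BAG:BAD:(A;OICI;FA;;;BA)(A;OICI;0x1301bf;;;$OldDomainSid-1104)"
    'D:\Restore\HR'      = "O:BAG:BAD:(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;$OldDomainSid-1131)" +
                           "(A;OICI;0x1301bf;;;$NewDomainSid-1108)"
}

function Get-AceTrustee {
    param([string]$Path, [string]$Sddl)

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        # AccountDomainSid is $null for well-known SIDs such as BUILTIN\Administrators.
        $domain = $sid.AccountDomainSid
        $origin = if (-not $domain) {
            'well-known'
        } elseif ($domain.Value -eq $OldDomainSid) {
            'OLD domain (orphaned)'   # no account in the new domain carries this SID
        } elseif ($domain.Value -eq $NewDomainSid) {
            'new domain'
        } else {
            'other'
        }
        [pscustomobject]@{
            Path   = $Path
            Sid    = $sid.Value
            Mask   = '0x{0:x}' -f $ace.AccessMask
            Origin = $origin
        }
    }
}

$report = foreach ($entry in $Restored.GetEnumerator()) {
    Get-AceTrustee -Path $entry.Key -Sddl $entry.Value
}

# Full listing, then the old-domain SIDs that would need re-permissioning.
$report | Format-Table -AutoSize
$report | Where-Object Origin -like 'OLD*' | Group-Object Sid | Select-Object Name, Count
```

ACEs for well-known SIDs such as `BA` and `SY` keep working after a rebuild; the entries flagged as old-domain are the ones that no recreated user or group will match, even if the names are identical.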